Software
 » 
Java Software
 » 
EjbCA
 » 
EjbCA - Dev

EJBCA and Greenbow VPN client problem

View: New views
2 Messages — Rating Filter:   Alert me  

EJBCA and Greenbow VPN client problem

by Gilloteau Frederic :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Some parts of this message have been removed. Learn more about Nabble's security policy.

Hello,

 

Could someone help me with this strange situation:

 

I try to configure an IPSEC VPN tunnel between the Greenbow client with certificate authentication and a CISCO 871 router. The certificates are generated with EJBCA.

Maybe I am not in the good place to ask about it but the fact is that the same configuration with Microsoft Windows 2003 CA works well.

 

An other interesting thing is that the same EJBCA certificates used for an other VPN client (i.e NCP) and the same CISCO router work well.

 

My question: Are there any EJBCA certificate configuration options I can activate to make the certificates closely similar to Microsoft ones?

For information, I have compared the two certificates generated by Microsoft or by EJBCA for the Greenbow client and they are very similar (same extensions) apart from the fact that Microsoft ones include S/MIME.

 

Thanks for any help.

 

Fred

 

 


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: EJBCA and Greenbow VPN client problem

by Tomas Gustavsson :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message


Hi, You configure certificate contents in the "Certificate profiles".
With S/MIME I suspect that this is an extended key usage, that you can
configure in the certificate profile.

You should add a new certificate profile (use the default ENDENTITY one
as template) and then configure extensions etc.
You can also add a new end entity profile, selecting the new certificate
profile to be used. In the end entity profile you can configure which DN
fields, altNames etc should be used. You can also pre-configure DN
fields so you don't have to type so much when registering end entities.

Cheers,
Tomas
-----
PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
info@... for more information.
http://download.primekey.se/documents/ejbca_subscription.pdf
http://download.primekey.se/documents/ejbca_training.pdf

Fred wrote:

> Hello,
>
>  
>
> Could someone help me with this strange situation:
>
>  
>
> I try to configure an IPSEC VPN tunnel between the Greenbow client with
> certificate authentication and a CISCO 871 router. The certificates are
> generated with EJBCA.
>
> Maybe I am not in the good place to ask about it but the fact is that
> the same configuration with Microsoft Windows 2003 CA works well.
>
>  
>
> An other interesting thing is that the same EJBCA certificates used for
> an other VPN client (i.e NCP) and the same CISCO router work well.
>
>  
>
> My question: Are there any EJBCA certificate configuration options I can
> activate to make the certificates closely similar to Microsoft ones?
>
> For information, I have compared the two certificates generated by
> Microsoft or by EJBCA for the Greenbow client and they are very similar
> (same extensions) apart from the fact that Microsoft ones include S/MIME.
>
>  
>
> Thanks for any help.
>
>  
>
> Fred
>
>  
>
>  
>
>
> ------------------------------------------------------------------------
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejbca-develop@...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
LightInTheBox - Buy quality products at wholesale price!
Free Forum Powered by Nabble Forum Help